Data privacy is an important component of any initiative that aims to create or improve data integration systems. WestEd’s Data Integration Support Center (DISC) helps agencies ensure their integrated data systems (IDSs) protect individuals and data privacy through effective governance, policies, and procedures.
DISC has been named a Data Privacy Week Champion for its commitment to promoting data privacy by the National Cybersecurity Alliance. In this special Q&A, DISC’s Associate Director, Laia Tiderman, and Director of Operations, Sean Cottrell, explore key issues in data privacy.
What is the current data privacy landscape?
Sean Cottrell: The data privacy landscape for integrated data systems is evolving with a focus on modernization. There’s a growing emphasis on compliance with regulations like General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), increased awareness of individual rights, and a push for transparency in data processing. Organizations are adopting advanced encryption, access controls, and audit trails to enhance data security and privacy. Striking a balance between innovation and protecting user data remains a key challenge in this landscape.
Laia Tiderman: Many of the integrated data systems in states developed over time, beginning largely in the early 2000s. Technology has changed dramatically over the past 20 years. So as part of that modernization effort Sean mentioned, there are new advances in technology to further secure the privacy of the individuals represented in integrated data systems.
How does DISC view data privacy as an equity issue?
SC: Data privacy within integrated data systems can be an equity issue in several ways:
- Disproportionate Impact: Privacy violations may disproportionately affect marginalized or vulnerable populations, exacerbating existing social inequalities. Integrated data systems must consider and address the potential disparate impacts on different demographic groups.
- Stigmatization and Discrimination: Improper use of integrated data can lead to stigmatization and discrimination against individuals or communities, particularly when sensitive information is mishandled or misinterpreted.
- Access and Control: Unequal access to resources and information can result in certain groups having less control over how their data is used. This lack of control can contribute to a loss of privacy and exacerbate existing power imbalances.
- Surveillance Concerns: Integrated data systems, if not properly regulated, may lead to increased surveillance of specific groups, disproportionately impacting those who are already marginalized and contributing to a sense of targeted scrutiny.
- Bias in Data: Integrated data systems might incorporate biased data from various sources, potentially reinforcing and perpetuating existing societal biases. This can lead to unfair treatment and decisions based on flawed or discriminatory information.
- Digital Divide: Disparities in access to technology and digital literacy may result in certain populations’ being more vulnerable to privacy breaches, as they may not fully understand or be able to control the digital traces they leave.
LT: To address these equity issues, it’s crucial for organizations implementing integrated data systems to adopt inclusive and ethical practices. This includes transparent policies, community engagement, and proactive measures to mitigate potential harm, ensuring that data privacy is upheld as a fundamental right for all individuals, regardless of their background or socioeconomic status.
What steps can leaders take to establish a culture of trust and ethical use of data to improve outcomes?
SC: There are several important steps leaders can take:
- Establish transparent and comprehensive data use policies, ensuring everyone understands how data will be handled and safeguarded.
- Provide ongoing training on data ethics and privacy principles, keeping employees informed about best practices and compliance requirements.
- Demonstrate ethical behavior in data handling to set a precedent.
- Implement strong data governance practices to ensure accountability, proper access controls, and adherence to regulations.
- Embed privacy considerations into the development process, making it a core aspect of any new technology or data initiative by adopting “privacy-by-design” principles.
- Conduct regular audits to assess data practices, identify potential risks, and ensure continuous compliance with ethical standards.
- Prioritize clear communication with users about how their data will be used, and obtain explicit consent when necessary.
- Foster collaboration between data teams, legal experts, and other relevant stakeholders to address ethical concerns and ensure a holistic approach to data management.
- Establish mechanisms for reporting unethical behavior without fear of retaliation, encouraging a culture of openness.
- Regularly review and update policies and practices to adapt to changing regulations and evolving ethical considerations.
LT: Often, organizations are thinking about technological solutions for establishing trust and ethical data use, but as you can see from Sean’s list, this requires working with people, having conversations, and then establishing policies and procedures to support a culture of trust.
As Associate Director for DISC, Laia Tiderman connects DISC’s subject matter experts and resources with public agencies, identifying gaps and solutioning with states to support the development of integrated data systems. Along with providing subject matter expertise on data governance, privacy, and contractual safeguards, Laia leads the development of DISC tools and resources to support public agencies in their IDS modernization.
Sean Cottrell is the Director of Operations at the Data Integration Support Center, where he provides strategic oversight and administrative functions. Along with serving as a senior subject matter expert on privacy law and governance, Sean also serves as partnership director by seeking opportunities to align and support similar efforts to advance the development of integrated data systems.